Resubmissions

03-08-2024 18:41

240803-xbyets1hkj 10

03-08-2024 18:38

240803-xabjns1gpp 10

General

  • Target

    Macro_Setup.exe

  • Size

    77.7MB

  • Sample

    240803-xbyets1hkj

  • MD5

    b363a5b39ecac353597750e76363867b

  • SHA1

    8a99ebcfa66daa9cf46bcf9a45921e1d4534836b

  • SHA256

    40d5da64907b3f46451f0517d5631334d2881a09e2b4bdcf8ff03b0aeabbf01c

  • SHA512

    1758f40a4fe32abb83fe07063b6b57c34931fcc09f568218e3ce99825052b6c144ea1c69bb113bba37332a9ee7b0ec89488c75b289871cea720930338f07a8ed

  • SSDEEP

    1572864:IvHcRlqkh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4+1uxa/Z9UN/:IvHcRXhTSkB05awqfhdCpukdRHs9U

Malware Config

Targets

    • Target

      Macro_Setup.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks